According to a Bloomberg report today, it has been reported that the NSA has been exploiting the Heartbleed bug for at least two years. A report earlier this week stated up to 66% of websites use the affected software, including popular email and social media sites.
While the NSA has denied these claims, the agency has more than 1,000 experts using sophisticated techniques, many of which are classified, to search out security flaws such as Heartbleed. A source “familiar with the matter,” according to Bloomberg, claims the flaw was discovered early on and has been exploited by the NSA.
At this point, it is unclear whether anyone outside the U.S. government has accessed personal information through Heartbleed. According to a Business Insider report, the method of access is untraceable, so it’s possible we may never be able to determine whether other sources accessed personal information from approximately two-thirds of the websites using this encryption method.
Currently NSA involvement and/or exploitation through Heartbleed is up to speculation. As far as I have found, no sources have been named at this point to validate these claims. “NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cybersecurity report,” the agency said in a statement. “Reports that say otherwise are wrong.”